Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: Replace TOTP_NOT_ENABLED_ERROR status and make deviceName optional #729

Merged
merged 20 commits into from
Sep 28, 2023

Conversation

KShivendu
Copy link
Contributor

@KShivendu KShivendu commented Jun 22, 2023

Summary of change

  • Replace the TOTP_NOT_ENABLED_ERROR response status with more relevant messages for each API.
  • Make device name optional for creating the device. Generate it based on number of devices already present in the DB for the user.

Checklist for important updates

  • Changelog has been updated
    • If there are any db schema changes, mention those changes clearly
  • coreDriverInterfaceSupported.json file has been updated (if needed)
  • pluginInterfaceSupported.json file has been updated (if needed)
  • Changes to the version if needed
    • In build.gradle
  • If added a new paid feature, edit the getPaidFeatureStats function in FeatureFlag.java file
  • Had installed and ran the pre-commit hook
  • If there are new dependencies that have been added in build.gradle, please make sure to add them
    in implementationDependencies.json.
  • Update function getValidFields in io/supertokens/config/CoreConfig.java if new aliases were added for any core config (similar to the access_token_signing_key_update_interval config alias).
  • Issue this PR against the latest non released version branch.
    • To know which one it is, run find the latest released tag (git tag) in the format vX.Y.Z, and then find the
      latest branch (git branch --all) whose X.Y is greater than the latest released tag.
    • If no such branch exists, then create one from the latest released branch.

Remaining TODOs for this PR

  • Update CDI
  • Think we can do better in case of verifyCode API. Replacing TOTP_NOT_ENABLED WITH INVALID_TOTP_CODE_ERROR doesn't feel correct.
  • Changelog

@KShivendu KShivendu changed the title refactor: replace TOTP_NOT_ENABLED_ERROR status refactor: Replace TOTP_NOT_ENABLED_ERROR status Jun 22, 2023
@rishabhpoddar rishabhpoddar changed the base branch from master to 6.0 June 23, 2023 09:04
@rishabhpoddar rishabhpoddar changed the base branch from 6.0 to feat/mfa June 23, 2023 12:47
src/main/java/io/supertokens/totp/Totp.java Outdated Show resolved Hide resolved
src/main/java/io/supertokens/totp/Totp.java Outdated Show resolved Hide resolved
@KShivendu KShivendu changed the title refactor: Replace TOTP_NOT_ENABLED_ERROR status refactor: Replace TOTP_NOT_ENABLED_ERROR status and make deviceName optional Jun 27, 2023
@@ -2687,7 +2686,7 @@ public void insertUsedCode_Transaction(TransactionConnection con, TenantIdentifi
Config.getConfig(this).getTotpUsersTable(),
new String[]{"app_id", "user_id"},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see my comment in plugin interface PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe you're talking about replacing TotpNotEnabledError with new UnknownUserIdError. If yes, done.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check and confirm.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

src/main/java/io/supertokens/totp/Totp.java Outdated Show resolved Hide resolved
src/main/java/io/supertokens/totp/Totp.java Outdated Show resolved Hide resolved
src/main/java/io/supertokens/totp/Totp.java Outdated Show resolved Hide resolved
if (existingDevice.verified) {
// device with same name exists and is verified
// TODO: Should this recursion have a limit?
return registerDeviceRecursive(appIdentifierWithStorage, device, ++counter);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return registerDeviceRecursive(appIdentifierWithStorage, device, ++counter);
return registerDeviceRecursive(appIdentifierWithStorage, device, counter+1);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

if (existingDevice != null) {
if (existingDevice.verified) {
// device with same name exists and is verified
// TODO: Should this recursion have a limit?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove TODO. Or then add a limit to recursion.. Please no PRs with TODOs

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed

totpStorage.commitTransaction(con);
return null;
});
// TODO: Should this recursion have a limit?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

again, no TODOs..

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed

// Find number of existing devices to set device name
TOTPDevice[] devices = totpStorage.getDevices(appIdentifierWithStorage, userId);
int verifiedDevicesCount = Arrays.stream(devices).filter(d -> d.verified).toArray().length;
// device.deviceName = "TOTP Device " + (verifiedDevicesCount + 1);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this comment here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed

@@ -95,30 +94,71 @@ public static TOTPDevice registerDevice(Main main, String userId,
}
}

private static TOTPDevice registerDeviceRecursive(AppIdentifierWithStorage appIdentifierWithStorage, TOTPDevice device, int counter) throws StorageQueryException, DeviceAlreadyExistsException, TenantOrAppNotFoundException, StorageTransactionLogicException {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private static TOTPDevice registerDeviceRecursive(AppIdentifierWithStorage appIdentifierWithStorage, TOTPDevice device, int counter) throws StorageQueryException, DeviceAlreadyExistsException, TenantOrAppNotFoundException, StorageTransactionLogicException {
private static TOTPDevice registerDeviceRecursive(AppIdentifierWithStorage appIdentifierWithStorage, TOTPDevice device, int deviceNameCounter) throws StorageQueryException, DeviceAlreadyExistsException, TenantOrAppNotFoundException, StorageTransactionLogicException {

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deviceNameCounter is a better name cause then it can be confused with recursion limiting counter (if someone adds that)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Comment on lines 214 to 215
1000; // (Default
// 15 mins)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comment is in two lines unnecessarily.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@@ -374,7 +418,8 @@ public static void verifyCode(TenantIdentifierWithStorage tenantIdentifierWithSt
// Check if the user has any devices:
TOTPDevice[] devices = totpStorage.getDevices(tenantIdentifierWithStorage.toAppIdentifier(), userId);
if (devices.length == 0) {
throw new TotpNotEnabledException();
// No devices found. So we can't verify the code anyway.
throw new InvalidTotpException();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe it's better to throw an UnknownUserIdTotpException, since the input to this API is also the userId

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be an additional status code that is sent to the backend sdk

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

} catch (UnknownUserIdTotpException e) {
// User must have deleted the device in parallel
// since they cannot un-verify a device (no API exists)
throw new InvalidTotpException();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe it's better to throw an UnknownUserIdTotpException, since the input to this API is also the userId

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@@ -76,13 +70,10 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
tenantIdentifierWithStorage = getTenantIdentifierWithStorageFromRequest(req);
}

Totp.verifyCode(tenantIdentifierWithStorage, main, userId, totp, allowUnverifiedDevices);
Totp.verifyCode(tenantIdentifierWithStorage, main, userId, totp, false);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we are never calling verifyCode with true, then we should just remove the allowUnverifiedDevices boolean from the input of the function.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@@ -2687,7 +2686,7 @@ public void insertUsedCode_Transaction(TransactionConnection con, TenantIdentifi
Config.getConfig(this).getTotpUsersTable(),
new String[]{"app_id", "user_id"},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check and confirm.

@@ -95,30 +94,71 @@ public static TOTPDevice registerDevice(Main main, String userId,
}
}

private static TOTPDevice registerDeviceRecursive(AppIdentifierWithStorage appIdentifierWithStorage, TOTPDevice device, int counter) throws StorageQueryException, DeviceAlreadyExistsException, TenantOrAppNotFoundException, StorageTransactionLogicException {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private static TOTPDevice registerDeviceRecursive(AppIdentifierWithStorage appIdentifierWithStorage, TOTPDevice device, int counter) throws StorageQueryException, DeviceAlreadyExistsException, TenantOrAppNotFoundException, StorageTransactionLogicException {
private static TOTPDevice registerUnnamedDeviceRecursive(AppIdentifierWithStorage appIdentifierWithStorage, TOTPDevice device, int counter) throws StorageQueryException, DeviceAlreadyExistsException, TenantOrAppNotFoundException, StorageTransactionLogicException {

src/main/java/io/supertokens/totp/Totp.java Show resolved Hide resolved
TOTPSQLStorage totpStorage = appIdentifierWithStorage.getTOTPStorage();

if (deviceName != null) {
totpStorage.createDevice(appIdentifierWithStorage, device);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if this throws a device already exists error, but that device is not verified, we just replace that with the input device.

@sattvikc sattvikc self-assigned this Sep 27, 2023
@rishabhpoddar rishabhpoddar merged commit 0387df7 into feat/mfa Sep 28, 2023
@rishabhpoddar rishabhpoddar deleted the refactor/avoid-totp-not-enabled branch September 28, 2023 11:16
rishabhpoddar added a commit that referenced this pull request Mar 13, 2024
* adds connection uri and tenant id based resource distributor

* removes unnecessary file

* adds a bunch of todos

* adds storage layer function and also laod all configs function

* implements core config merging across tenants

* restructures code related to config checking in core

* changes storage layer to take json instead of config file path

* small refactor

* adds ability to create new storage instances on the fly

* in mem db function impl for user pool ID and config conflict checking

* small change

* adds checks for conflicting core configs

* adds a few tests for multi tenant config

* adds more tests

* more tests

* adds function to get connection pool ID

* adds skeleton for loading storage layers for tenants

* fixes compile error

* adds code to load multiple storage layers as well

* deletes info across all tenants during testing

* adds one test for storage layer

* fixes a test

* fixes bug in setting resource in resource distributor

* fixes bugs

* loads signing keys for all tenants

* fixes bug

* adds new test and modifies the testing kill process to clear databases across mulitple user pools

* implements more test

* small change to formatting

* small change to formatting

* modifies cron jobs to run per unique user pool ID

* fixes a few bugs

* disallows different argon2 pool size across tenants

* changes server api key check to be based on connection uri as well

* adds function for getTenantId

* modfies delete user API as well

* makes tests compile

* marked getStorageLayer older version as testonly

* fixes a few tests

* removes unused storage layer when loading them for all tenants

* makes storagelayer.getAuthRecipeStorage testonly

* makes storagelayer.getSession testonly

* makes storagelayer.getEmailPasswordStorage testonly

* makes storagelayer.getEmailVerificationStorage testonly

* makes storagelayer.getThirdPartyStorage testonly

* makes storagelayer.getPasswordlessStorage testonly

* more updates to storage layer functions and reciope

* completes all storage layer function changes

* makes Config.getConfig testonly

* implements custom routing class for api requests

* fixes a few bugs

* adds test cases

* adds tenant not found logic

* adds new exception

* fixes all tests

* removes unnecessary exception catching

* fixes bug

* adds test for path router

* adds more tests

* adds more tests

* adds more tests

* changes defaulttenantid to public

* adds appId as a identifier for a unique tenant

* adds extracting appId from request path

* small change

* fixes bug with extarcting tenantid with appid

* fixes bug

* adds more tests

* starts working on multitenancy class and utils functions

* more changes to multitenancy file

* fixes a bug

* small change

* ads crud functions for multi tenancy

* changes to use of quiteprogramexception from in mem db

* adds skeleton for multitenancy functions in in mem db

* adds a few todos

* small change

* small change

* adds more functions to multi tenancy impl

* adds multi tenancy functions to delete and get info

* fixes tests

* adds a few exception cases

* updates exception import

* small change to make debugging easier

* fixes logging related issue in test

* checks for permission when creating a new app

* simplifies delete of app and connectionuridomain

* adds sync to respirce distributor

* small change

* small changes

* checks if multi tenancy is enabled in license key during tenant creation

* adds FeatureNotEnabledException exception

* small refactor

* fixes deadlock condition

* fixes in memory db issue

* does deep equals in tenant refresh function

* small change

* adds more checks when adding or updating a tenant

* adds tenantIdentifier for emailpassword and useridmapping recipes

* enforces unique user pool id per connectionuridomain

* small bug fix for refreshing cronjobs

* makes cronjob run per user pool, but pass list of tenants within that pool to the doTask function

* changes to incorporate tenantIndetifier for key value storage

* changes to session receipe to add tenantIdentifier

* adds a todo

* introduces the concept of appIdentifier vs tenantIdentifier

* fixes test compilation issues

* fixes bugs from existing tests

* adds appidentifier to user metadata functions

* modifes user roles functions to add tenantidentifier and appidentifiers

* small refactor

* modifies session recipe to add tenantId as part of the access token and refresh token

* small change

* fixes a bug

* modifies emailpassword functions

* changes to a few functions

* adds appidentifier to email verfication

* adds tenant identifier to third party

* adds tenantidentifier to passwordless

* changes how tenant configs are checked

* fixes tests

* small bug fixes

* fix: config tests (#568)

* fix: added a config test

* fix: added few config tests

* fix: pr comments

* fix: pr comments

* fix: new exceptions and tests (#573)

* fix: added a config test

* fix: added few config tests

* fix: pr comments

* fix: pr comments

* fix: new exceptions and tests

* fix: new tests and moved race condition test to postgres plugin

* fix: new tests

* fix: updated tests

* fix: concurrent test

* fix: typos

* fix: random test

* fix: random test

* makes telemetry and feature flag multi tenant as well - per app

* refactors crontask to be better suited for multi tenancy

* fix: Email password and user id mapping multi tenancy changes (#580)

* fix: ep recipe impl

* fix: updated as per plugin interface

* fix: pr comments

* fix: fixed unknown user handling

* fix: update useridmapping

* fix: updated the way storage is passed

* fix: updated the way storage is passed

* fix: smaller changes

* fix: smaller changes

* fix: pr comments

* fix: cleanup

* fix: cleanup

* fix: pr comments

* fix: fix compile

* fix: pr comments and test fixes

* fix: revert delete user

* fix: updated deleteUserAPI

* fix: test fix

* fix: plugin interface related

* fix: pr comments

* fix: pr comments

* fix: removed getTenantIdentifierFromRequest

* fix: app identifier with storage

* fixes test

* fix: Multitenant userroles (#600)

* fix: user roles impl

* fix: handling fkey

* fix: pr comments

* fix: pr comments

* fix: Multitenant usermetadata (#605)

* fix: user roles impl

* fix: handling fkey

* fix: usermetadata impl

* fix: user metadata impl

* fix: api updates

* fix: emailpassword storage (#607)

* fix: uid mapping storage (#608)

* fix: multitenant ep tests (#609)

* fix: Multitenant user id mapping tests (#611)

* fix: uid mapping tests

* fix: uid mapping tests

* fix: uid mapping tests

* fix: uid mapping tests

* fix: uid mapping tests

* fix: uid mapping tests

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: Multitenant API, storage and tests (#614)

* fix: passwordless storage

* fix: passwordless changes and tests

* fix: passwordless changes and tests

* fix: passwordless changes and tests

* fix: pr comments

* fix: Multitenant thirdparty API, storage and tests (#616)

* fix: thirdparty storage and API

* fix: thirdparty tests

* fix: thirdparty changes

* fix: pr comments

* fix: Multitenant emailverification (#618)

* fix: thirdparty storage and API

* fix: thirdparty tests

* fix: emailverification storage

* fix: emailverification changes

* fix: emailverification test

* fix: comment

* fix: token tenant specific

* fix: Multitenant session (#619)

* fix: session changes

* fix: session changes

* fix: session API

* fix: updated comments

* fix: minor fixes

* fix: minor fixes

* fix: minor fixes

* fix: minor fixes

* fix: minor fixes

* fix: session tests

* fix: fixed tests

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: removed unused param

* fix: pr comments

* merges with latest (#622)

* merges with latest - tests not fixed

* fixes a few tests

* fixes test compilation issue

* fixes tests

* adds load testing basics

---------

Co-authored-by: Sattvik Chakravarthy <[email protected]>

* several fixes

* fix: Multitenant jwt (#629)

* fix: jwt changes

* fix: undo

* fix: Multitenant Auth Recipe (#633)

* fix: auth recipe storage

* fix: auth recipe changes

* fix: updated API

* fix: pr comments

* fix: pr comments

* fix: Multitenant dashboard (#636)

* fix: dashboard changes

* fix: dashboard test

* fix: Multitenant totp (#637)

* fix: totp changes

* fix: handling fk

* fix: updated comments

* fix: multitenant test

* fix: pr comment

* merges (#638)

* adds new config (#639)

* makes test more reliable

* removes unnecessary deprecated annotation (#640)

* fix: multitenancy changes (#641)

* fix: api implementations

* fix: after merge

* fix: test fix

* fix: test fix

* fix: working cud tests

* fix: db config protection

* fix: add user to tenant

* fix: tests

* fix: pr comment

* fix: cleanup

* fix: input parsing

* fix: PR comments

* fix: remove DeletionInProgressException

* fix: removeUserIdFromTenant

* fix: protected fields

* fix: pr comment

* fix: more tests and fixes

* fix: fixed validation

* fix: remove api permission checks

* fix: fixed permission logic and added tests

* fix: thirdparty config tests and fixes

* fix: thirdparty config tests and fixes

* fix: tests

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: pr comment

* fix: Misc changes (#645)

* fix: api implementations

* fix: after merge

* fix: test fix

* fix: test fix

* fix: working cud tests

* fix: db config protection

* fix: add user to tenant

* fix: tests

* fix: pr comment

* fix: cleanup

* fix: input parsing

* fix: PR comments

* fix: remove DeletionInProgressException

* fix: removeUserIdFromTenant

* fix: protected fields

* fix: pr comment

* fix: more tests and fixes

* fix: fixed validation

* fix: remove api permission checks

* fix: fixed permission logic and added tests

* fix: thirdparty config tests and fixes

* fix: thirdparty config tests and fixes

* fix: tests

* fix: config api

* fix: active users

* fix: test only code in production

* fix: Tenantid logging (#646)

* fix: tenant id in logging

* fix: pr comment

* fix: Rate limiting hello (#647)

* fix: rate limiting hello api

* fix: pr comments

* fix: multitenancy stats (#649)

* fix: multitenancy stats

* fix: pr comment and test

* fix: pr comment

* fix: pr comment

* fix: Tenantid in userobjects (#650)

* fix: create user type

* fix: test fixes

* fix: added test

* fix: refactored ep and tp

* fix: refactor pless

* fix: test fix

* fix: pr comment

* feat: Introduce MFA recipe

* fix: Ip filter per tenant (#652)

* fix: ip filter impl

* fix: ip filter impl

* fix: ip filter impl

* fix: jwt fix

* fix: updated console log (#653)

* fix: API key per app (#654)

* feat: Add EE feature for MFA functions

* fix: Fix didExist of factor disable API

* fix: Startup log (#655)

* fix: tenant id in loadConfig

* fix: remove repeat log

* fix: added test

* fix: License tests (#656)

* fix: license tests

* fix: added test

* fix: pr comment

* test: Config normalisation test (#658)

* fix: added tests for config normalisation

* fix: fixed comment

* fix: fixed comment

* feat: Suggested changes along with tests

* fix: delete non auth user in deleteUserIdFromTenantId (#659)

* fix: delete user in non auth recipe

* fix: pr comments

* fix: thirdparty related tests (#661)

* fix: tp changes

* fix: pr comment

* feat: Add MFA EE features and user id mapping related tests

* fix: Remove irrelevant multitenancy change

* fix: Config validation (#662)

* fix: config validation

* fix: config validation

* fix: pr comment

* fix: pr comment

* fix: pr comment

* fix: pr comment

* fix: config per tenant, per app annotations and validation (#666)

* fix: pagination test (#667)

* fix: added version check for multitenant apis (#669)

* fix: added version check for multitenant apis

* fix: pr comment

* fix: clean up init keys (#670)

* fix: clean up init keys

* fix: pr comment

* fix: removed isTesting check in prod code (#671)

* fix: Suggested changes

* test: Improve MFA delete user test

* test: Fix all tests and inherit from MFaTestBase

* feat: Add function to delete user from a tenant and test it

* fix: resource reloading (#673)

* fix: resource reloading

* fix: license test task reloading

* fix: reload revert

* fix: impl

* fix: pr comments

* fix: pr comments

* fix: pr comment

* fix: pr comments

* fix: fixed missing log (#678)

* fix: fixed logging

* fix: pr comments

* fix: pr comments

* Overload deleteMfaInfoForUser and set factor column size to 64

* fix: merge issues (#680)

* fix: session v4 (#683)

* fix: session v4

* fix: tests

* fix: pr comments and tests

* fix: test

* fix: pr comments

* fix: Postgres migration (#685)

* fix: changelog

* fix: changelog

* fix: pr comments

* fix: fixed tests for active user storage (#686)

* refactor: Remove irrelevant changes from merge conflict

* chores: Mention new MFA recipe in CHANGELOG

* chores: Bring back ActiveUsers function implementation

* fix: tests

* refactor: Replace TOTP_NOT_ENABLED_ERROR status and make deviceName optional (#729)

* refactor: Dont send TOTP_NOT_ENABLED_ERROR status

* refactor: Add comments

* chores: Remove extra comments

* refactor: Completely replace totp not enabled error with unknown device error

* refactor: Remove Totp not enabled error

* feat: Make device name optional and generate it from number of existing devices

* Replace TotpNotEnabledError with UnknownUserIdTotpError

* refactor: Recursively generate device name when it already exists

* refactor: Remove redundant arguments

* feat: Remove the param to allow unverified devices from the verify totp API

* feat: Reject unverified devices

* feat: Add UNKNOWN_USER_ID_ERROR to verify totp api

* feat: Throw Unknown user id error when device gets deleted during verification

* fix: core fixes

* fix: cleanup

* fix: tests

---------

Co-authored-by: Sattvik Chakravarthy <[email protected]>

* fix: tests

* fix: mfa and totp queries

* fix: flaky tests

* fix: mfa cleanup (#837)

* fix: mfa cleanup

* fix: mfa cleanup

* fix: test

* fix: pr comments

* Mfa multitenancy (#841)

* fix: multitenancy changes

* fix: mfa cleanup

* fix: mfa cleanup

* fix: test

* fix: api

* fix: mfa multitenancy updates

* fix: tests

* fix: mfa

* fix: tests

* fix: tests

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: tests

* fix: pr comments

* Mfa accountlinking (#867)

* fix: multitenancy changes

* fix: mfa cleanup

* fix: mfa cleanup

* fix: test

* fix: api

* fix: mfa multitenancy updates

* fix: tests

* fix: mfa

* fix: tests

* fix: tests

* fix: accountlinking APIs for MFA

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: tests

* fix: pr comments

* fix: refactor and tests

* Mfa firstfactor in sign in or up (#868)

* fix: multitenancy changes

* fix: mfa cleanup

* fix: mfa cleanup

* fix: test

* fix: api

* fix: mfa multitenancy updates

* fix: tests

* fix: mfa

* fix: tests

* fix: tests

* fix: accountlinking APIs for MFA

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: tests

* fix: pr comments

* fix: refactor and tests

* fix: sign in/up API updates

* fix: some tests and fixes

* fix: more tests

* fix: sign in up apis

* fix: pr comment

* fix: import totp device API (#869)

* fix: import totp device API

* fix: remove extra api

* fix: add createdat to totp device (#870)

* fix: mfa stats

* fix: active users data saved into public tenant storage

* fix: pr comments

* fix: pr comments

* fix: pr comment

* Mfa inmemory (#874)

* fix: add createdat to totp device

* fix: inmemory changes for mfa

* fix: mfa stats queries

* fix: test

* fix: totp APIs and flaky tests fix (#879)

* fix: totp APIs and flaky tests fix

* fix: PR comment

* fix: response

* fix: version update

* fix: changelog

* fix: remove MFA apis

* fix: remove isValidFirstFactor

* fix: revert account linking api

* Mfa changes (#901)

* fix: remove tenant config and rename secondary factors

* fix: version prefix in logging

* fix: remove totp enabled

* fix: firstFactors and requiredSecondaryFactors validation

* fix: remove totpEnabled

* fix: more validation

* fix: version in core logs

* fix: error message

* fix: createNewRecipeUser input in consume code API (#910)

* fix: createNewRecipeUser flag in consume code API

* fix: more tests

* fix: update test

* fix: pr comments

* feat: make refresh sync signing key setting (#909)

* feat: make refresh update the signing key type of sessions

* feat: make the refresh and create session apis consistent

* test: remove test log

* chore: update changelog

* test: update tests to use new param

* fix: totp import api (#915)

* fix: totp import api

* fix: refactor

* fix: Fake email verified for emailpassword sign up (#913)

* fix: mark fake email as verified in emailpassword sign up

* fix: add tests

* fix: pr comments

* fix: clean

* Merge 7.0 (#940)

* fix: adds test for user pagination from old version (#893)

* adding dev-v7.0.15 tag to this commit to ensure building

* fix: core config validation (#894)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

* adding dev-v7.0.16 tag to this commit to ensure building

* fix: null handling in config mapper (#897)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

* fix: null handling

* fix: test defaults

* adding dev-v7.0.16 tag to this commit to ensure building

* Add t4-app in release checklist (#899)

* Update README.md

* Add Dockerfile for ubuntu 22.04 (#904)

* fix: error logs should be printed to StdErr (#918)

* fix: Load only cud (#917)

* fix: update config and validateAndNormalize

* fix: impl

* fix: PR comments

* fix: cleanup

* fix: cleanup

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: changelog

* fix: 400 error

* fix: cuds from db

* fix: connection pool issue (#919)

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: Test fix (#921)

* fix: test

* fix: tests

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: CICD tests (#925)

* fix: tests

* fix: adding retry

* fix: kill

* fix: typo

* fix: cicd

* fix: cicd

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: Vulnerability fix (#928)

* fix: updated dependencies

* fix: updated dependencies

* chore: version and changelog

* fix: update impl deps

* fix: telemetry data

* fix: changelog

* fix: cleanup

* fix: active user storage

* fix: active users storage test

* fix: changelog

* fix: versions

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: Cicd tests fix (#932)

* fix: CICD fix

* fix: test fix

* fix: test for mongo

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: dependencies (#933)

* fix: dependency fix

* fix: dep fix

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: dependencies (#934)

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: 31 days of mau (#936)

* fix: MAU computation (#937)

* fix: mau

* fix: typo

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: mau related tests (#938)

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: Tests (#939)

* fix: mau related tests

* fix: test

* adding dev-v7.0.18 tag to this commit to ensure building

---------

Co-authored-by: rishabhpoddar <[email protected]>
Co-authored-by: Ankit Tiwari <[email protected]>

* merge latest (#947)

* fix: adds test for user pagination from old version (#893)

* adding dev-v7.0.15 tag to this commit to ensure building

* fix: core config validation (#894)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

* adding dev-v7.0.16 tag to this commit to ensure building

* fix: null handling in config mapper (#897)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

* fix: null handling

* fix: test defaults

* adding dev-v7.0.16 tag to this commit to ensure building

* Add t4-app in release checklist (#899)

* Update README.md

* Add Dockerfile for ubuntu 22.04 (#904)

* fix: error logs should be printed to StdErr (#918)

* fix: Load only cud (#917)

* fix: update config and validateAndNormalize

* fix: impl

* fix: PR comments

* fix: cleanup

* fix: cleanup

* fix: pr comments

* fix: pr comments

* fix: tests

* fix: changelog

* fix: 400 error

* fix: cuds from db

* fix: connection pool issue (#919)

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: Test fix (#921)

* fix: test

* fix: tests

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: CICD tests (#925)

* fix: tests

* fix: adding retry

* fix: kill

* fix: typo

* fix: cicd

* fix: cicd

* adding dev-v7.0.17 tag to this commit to ensure building

* fix: Vulnerability fix (#928)

* fix: updated dependencies

* fix: updated dependencies

* chore: version and changelog

* fix: update impl deps

* fix: telemetry data

* fix: changelog

* fix: cleanup

* fix: active user storage

* fix: active users storage test

* fix: changelog

* fix: versions

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: Cicd tests fix (#932)

* fix: CICD fix

* fix: test fix

* fix: test for mongo

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: dependencies (#933)

* fix: dependency fix

* fix: dep fix

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: dependencies (#934)

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: 31 days of mau (#936)

* fix: MAU computation (#937)

* fix: mau

* fix: typo

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: mau related tests (#938)

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: Tests (#939)

* fix: mau related tests

* fix: test

* adding dev-v7.0.18 tag to this commit to ensure building

* fix: fixes storage handling for non-auth recipes (#942)

* fix: non auth recipe stuff

* fix: user roles

* fix: half done

* fix: thirdparty changes

* fix: passwordless changes

* fix: active users

* fix: session changes

* fix: user metadata

* fix: user roles

* fix: totp

* fix: email verification

* fix: multitenancy and other minor fixes

* fix: compile errors

* fix: bugs and tests

* fix: bugs and tests

* fix: func rename

* fix: PR comments

* fix: pr comments

* fix: pr comments

* fix: pr comments

* fix: user role multitenant tests

* fix: email verification tests

* fix: user role deletion

* fix: user roles

* fix: user roles

* fix: get tenant identifier refactor

* fix: pr comments

* fix: query

* fix: tests version and changelog

* Update CHANGELOG.md

Co-authored-by: Rishabh Poddar <[email protected]>

* fix: pr comments

---------

Co-authored-by: Rishabh Poddar <[email protected]>

* adding dev-v8.0.0 tag to this commit to ensure building

* fix: plugin interface version (#945)

* adding dev-v8.0.0 tag to this commit to ensure building

* fix: cicd tests (#946)

* fix: cicd tests

* fix: cicd tests

* fix: cicd tests

* fix: cicd tests

* fix: cicd tests

* adding dev-v8.0.0 tag to this commit to ensure building

---------

Co-authored-by: rishabhpoddar <[email protected]>
Co-authored-by: Ankit Tiwari <[email protected]>

* fix: add check code API and update delete code API (#948)

* fix: verify code API

* pr comments

* fix: cleanup

* fix: PR comments

* fix: pr comment

* fix: revert formatting

* fix: revert formatting

* feat: merge last active times when linking users (#954)

* feat: merge last active times when linking users

* fix: pr comments

* fix: cleanup

* fix: pr comments

* fix: cleanup

---------

Co-authored-by: Sattvik Chakravarthy <[email protected]>

* Remaining changes (#956)

* fix: enforce public tenant

* fix: enforce public tenant >= 5.0

* fix: pass appId to getUserIdMappingForSuperTokensIds

* fix: create session with useridmapping

* fix: consumed device

* fix: list and remove tenant api enforcement

* fix: firstFactors and secondFactors in multitenancy stats

* fix: tests

* fix: tests

* fix: versions

* fix: PR coments

* fix: pr comments

* fix: null handling

* fix: fixme

---------

Co-authored-by: rishabhpoddar <[email protected]>
Co-authored-by: Sattvik Chakravarthy <[email protected]>
Co-authored-by: Sattvik Chakravarthy <[email protected]>
Co-authored-by: Mihály Lengyel <[email protected]>
Co-authored-by: Ankit Tiwari <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants